Posts Tagged ‘use’

« Older Entries

Speed Up Linux: 10 Underrated Hacks for Faster Workstations and Servers

Tuesday, December 9th, 2025

make-linux-faster-underrated-hacks-cute-tux-penguin-toolbox-logo

 

Most Linux “performance tuning guides” recycle the same tips: disable services, add RAM, install a lighter desktop … and then you end up with a machine that feels basically not too much quicker.

Below is a collection of practical, field-tested, sysadmin-grade hacks that actually change how responsive your system feels—on desktops, laptops, and even small VPS servers.

Most of these are rarely mentioned (or uknown) by novice sys admins / sys ops / system engineers / dev ops but time has proved them extremely effective.

1. Enable zram (compressed RAM) instead of traditional swap

Most distros ship with a slow swap partition on disk. Enabling zram keeps swap in memory and compresses it on the fly. On low/mid RAM systems, the difference is night and day.

On Debian/Ubuntu:

# apt install zram-tools

# systemctl enable –now zramswap.service

Expect snappier multitasking, fewer freezes, and far less disk thrashing.

2. Speed up SSH connections with ControlMaster multiplexing

If you SSH multiple times into the same server, you can cut connection time to almost zero using SSH socket multiplexing:

Add to ~/.ssh/config:

Host *

    ControlMaster auto

    ControlPath ~/.ssh/cm-%r@%h:%p

    ControlPersist 10m

Your next ssh/scp commands will feel instant.

 

3. Replace grep, find, and ls with faster modern tools

 

The classic GNU tools are fine—until you try the modern replacements:

  • ripgrep (rg) → insanely faster grep
  • fd → user-friendly, colored alternative to find
  • exa or lsd → modern ls with icons, colors, Git info

# apt install ripgrep fd-find exa

You’ll be surprised how often you use them.

4. Improve boot time via systemd-analyze

Run cmd:

# systemd-analyze blame

This shows what’s delaying your boot. Disable useless services like:
 

# systemctl disable bluetooth.service

# systemctl disable ModemManager

# systemctl disable cups

Great for lightweight servers and old laptops.

5. Make your terminal 2–3× faster with GPU rendering (Kitty/Alacritty)

Gnome Terminal and xterm are CPU-bound and choke when printing thousands of lines.

Switch to a GPU-rendered terminal:

  • Kitty
  • Alacritty

They scroll like butter – even on old ThinkPads.

6. Use eatmydata when installing packages

APT and DPKG spend a lot of time syncing packages safely to disk. If you're working in a Docker container, VM, or test machine where safety is less critical, use:

# apt install eatmydata

# eatmydata apt install PACKAGE

It cuts install time by 30–70% !

7. Enable TCP BBR congestion control (massive network speed boost)

Google’s BBR can double upload throughput on many servers.

Check if supported:

sysctl net.ipv4.tcp_available_congestion_control

Enable:

# echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.conf

# echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.conf

# sysctl -p

On VPS hosts with slow TCP stacks, this is a cheat code.

8. Reduce SSD wear and speed up disk with noatime

Every time a file is read, Linux updates its “access time.” Useless on most systems.

Edit /etc/fstab and change:

defaults

to:

defaults,noatime

Fewer writes + slightly better I/O performance.

9. Use htop + iotop + dstat to diagnose “mystery lag”

When a Linux system hangs, it’s rarely the CPU. It’s almost always:

  • I/O wait
  • swap usage
  • blocked processes
  • misbehaving snaps or flatpaks

Install the golden server stats trio:

# apt install htop iotop dstat

Check:

  • htop → load, processes, swap
  • iotop → who’s killing your disk
  • dstat -cdlmn → real-time performance overview

Using them can solve you 90% of slowdowns in minutes.

10. Speed up your shell prompt dramatically

Fancy PS1 prompts (Git branches, Python envs, emojis) look nice but slow down your shell launch.

Fix it by using async Git status tools:

  • starship prompt
  • powerlevel10k for zsh

Both load instantly even in large repos.

11. Another underrated improvement (if not already done), 
/home directory storage location

Put your $HOME on a separate partition or disk.

Why?

  • faster reinstalls
  • easier backups
  • safer experiments
  • fewer “oops I nuked my system” moments by me or someone else who has account doing stuff on the system

Experienced sysadmins and a good corporate server still does this for a reason.

Final Thoughts

Performance isn’t just about raw hardware—it's about removing the subtle bottlenecks Linux accumulates over time. With the changes above, even a 10-year-old laptop or low-tier VPS feels like a new machine.

Tags: , , , , , , , , , , , ,
Posted in Linux, System Administration, System Optimization | No Comments »

How to Restrict a Program to Use Only a Specific Port Range for Outgoing Connections (Linux)

Wednesday, October 22nd, 2025

In some advanced system administration and security scenarios, you might want to restrict a specific program (or a user) to only use a specific range of source ports when making outbound connections. This can be important for:

  • Securing network access per service
  • Enforcing port-based identity
  • Making firewall rules easier to manage
  • Avoiding source port collisions in NAT environments

This article explains how to achieve this using iptables, cgroups, and kernel-level ephemeral port controls, with practical, copy-paste-ready examples.

What meant by "Port Range Restriction"?

When a program connects to an external server (e.g., with curl or a custom app), the kernel assigns a source port — typically from a dynamic range like 32768–60999. If you want to limit a specific app or user to only use, say, source ports 50000–51000 for all its outbound connections, you have to implement that at the firewall or kernel level.

Option 1: Using iptables with the owner Module (Per-User Limiting)

This is the most straightforward way if the program runs as a known user or UID.

Example: Allow only source ports 50000–51000 for myuser

# Block all outgoing TCP traffic from 'myuser' outside the port range

# iptables -A OUTPUT -p tcp -m owner –uid-owner myuser ! –sport 50000:51000 -j DROP

 

# Optional: for UDP

# iptables -A OUTPUT -p udp -m owner –uid-owner myuser ! –sport 50000:51000 -j DROP

Note: This will not stop the application from running — it just ensures the kernel drops packets that don't meet your policy.

Option 2: Using cgroups with net_cls + iptables (Per-Process Control)

For more precise control, especially in multi-user systems or containers, you can use Linux cgroups to classify traffic per process.

Step-by-step:

  1. Create a net_cls cgroup:

# mkdir -p /sys/fs/cgroup/net_cls/myapp

# echo 0x100001 | sudo tee /sys/fs/cgroup/net_cls/myapp/net_cls.classid

  1. Assign your process to the cgroup:

# Replace <PID> with the actual process ID

# echo <PID> | sudo tee /sys/fs/cgroup/net_cls/myapp/tasks

  1. Add iptables rule:

# iptables -A OUTPUT -m cgroup –cgroup 0x100001 -p tcp ! –sport 50000:51000 -j DROP


This gives you fine-grained per-process port restrictions.


Optional: Set Ephemeral Port Range (Globally or Per Namespace)

Linux picks ephemeral ports from a default system-wide range (32768–60999). You can limit this globally (not recommended in shared systems) or within a network namespace.

To view the current range:

# cat /proc/sys/net/ipv4/ip_local_port_range

To change the range:

# echo "50000 51000" | sudo tee /proc/sys/net/ipv4/ip_local_port_range

Warning: This affects all processes. Better used inside isolated environments (e.g., containers or netns).

Run the App with Explicit bind() to Source Port

If you control the source code of the app, the cleanest method is to explicitly bind to the desired source port(s) before making the connection.

Python Example:

import socket

 

s = socket.socket()

s.bind(('', 50001))  # bind to specific source port

s.connect(('example.com', 443))

Many apps and libraries (like curl, wget, netcat, python requests, etc.) don't expose source port binding — in those cases, control must be done externally.

Logging Violations

To log connection attempts from disallowed source ports:
 

# iptables -A OUTPUT -p tcp -m owner –uid-owner myuser ! –sport 50000:51000 \

  -j LOG –log-prefix "PORT VIOLATION: " –log-level 4
 

Containerized or Isolated Environments: Use Namespaces or Docker

For Docker or custom network namespaces, you can:

  • Use a private ephemeral port range
  • Use iptables inside the namespace
  • Isolate the entire network stack for maximum safety

Docker Example:

 # docker run -d –name limited_app –net=custom_net -p 50000-51000:50000-51000 myimage

Then configure the app inside the container to bind or use that port range.

Important Limitations

  • iptables owner match works only for UIDs, not process names.
  • If the app doesn’t bind explicitly, the kernel still picks a port — make sure the global range or netns is set correctly.
  • Some apps (e.g. Java, browsers) may use multiple ephemeral ports simultaneously — test carefully.
  • Not all programs allow setting source port via command line.

Recommended Best Practices

Let’s say you want to allow only ports 50000–51000 for a service called myapp:

  1. Create a dedicated system user:

# sudo useradd -r -s /sbin/nologin myapp

  1. Run the program as this user:

# sudo -u myapp /path/to/myapp

  1. Set the desired port range system-wide (optional):

# echo "50000 51000" | sudo tee /proc/sys/net/ipv4/ip_local_port_range

  1. Add iptables rule:

# iptables -A OUTPUT -p tcp -m owner –uid-owner myapp ! –sport 50000:51000 -j DROP

  1. (Optional) Add logging:

# iptables -A OUTPUT -p tcp -m owner –uid-owner myapp ! –sport 50000:51000 -j LOG –log-prefix "MYAPP PORT BLOCKED: "

  1. Make sure the app binds or connects correctly from that range.

Final Thoughts

Restricting outbound source port ranges per application or user is an underused but powerful technique to lock down systems, especially in:

  • High-security environments
  • Multi-tenant servers
  • NAT/firewall-managed networks
  • IDS/IPS-aware setups


You can start with simple iptables rules for users, and later adopt cgroups or container namespaces for deeper isolation.

Force specific source ports for a app like curl

To force specific source ports in general-purpose tools like curl or nc, try using iptables SNAT (with care), or consider writing wrappers/scripts that handle binding via LD_PRELOAD or custom socket logic.

Tags: , , , , , , , , , , ,
Posted in Firewall, Linux, Security, System Administration, Various | No Comments »

How to boost Linux Server Speed with tmpfs and few smart Optimization tweaks

Monday, October 20th, 2025

speed-up-accelerate-wordpress-joomla-drupal-cms-and-mysql-server-with-tmpfs_ramfs_decrease-pageload-times-with-ram-caching.png

If you’ve ever managed a busy Linux server, you’ve probably noticed how I/O bottlenecks can make your system feel sluggish – even when CPU and memory usage look fine. I recently faced this problem on a Debian box running Nginx, PHP-FPM, and MySQL / MariaDB. The fix turned out to be surprisingly simple: using tmpfs for temporary directories and tweaking a few kernel parameters.

1. Identify the resource issue Bottleneck

Running iostat -x 1 showed my /var/lib/mysql drive constantly pegged at 100% utilization, while CPU load stayed low. Classic disk-bound performance issue.

I checked swap usage:

# swapon –show

# free -h

The system was swapping occasionally — not good for performance-critical workloads.

2. Use tmpfs for Cache and Temporary Files

Linux allows you to use part of your RAM as a fast, volatile filesystem. Perfect for things like cache and sessions.

I edited /etc/fstab and added:

tmpfs   /tmp            tmpfs   defaults,noatime,mode=1777,size=1G  0  0

tmpfs   /var/cache/nginx tmpfs  defaults,noatime,mode=0755,size=512M 0 0

Then:

# mount -a

Immediately, I noticed fewer disk I/O spikes. Nginx’s cache hits were lightning-fast, and PHP temporary files were written in memory instead of SSD.

3. Tune Kernel Parameters

Adding these lines to /etc/sysctl.conf helped reduce swapping and improve responsiveness:

vm.swappiness=10

vm.vfs_cache_pressure=50

Then apply:

# sysctl -p

4. Use tmpfs for MySQL / MariaDB tmpdir (Optional)

If you have enough RAM, move MySQL’s temporary directory to tmpfs:

# mkdir -p /mnt/mysqltmp

# mount -t tmpfs -o size=512M tmpfs /mnt/mysqltmp

# chown mysql:mysql /mnt/mysqltmp

Then set in /etc/mysql/my.cnf: / /etc/mysql/mariadb.cnf

tmpdir = /mnt/mysqltmp

This dramatically speeds up large sorts and temporary table creation.

5. Monitor the Effects and tune up if necessery

After applying these changes, iostat showed disk utilization dropping from 95% to under 20% under the same workload.
Average response times from Nginx dropped by around 30–40%, and the server felt much more responsive.
However other cases might be different so it is a good idea to play around with tmpfs side according to your CPU / Memory system parameters etc. and find out the best values that would fit your Linux setup best.

Short rephrasal

tmpfs is one of those underused Linux features that can make a real-world difference for sysadmins and self-hosters. Just remember that data in tmpfs disappears after reboot, so only use it for volatile data (cache, temp files, etc.).

If you’re running a VPS or small dedicated box and looking for a quick, low-cost performance boost — give tmpfs a try. You might be surprised how much smoother your system feels.

 

Tags: , , , , , , , , ,
Posted in Linux, Linux and FreeBSD Desktop, MySQL, Performance Tuning, Various | No Comments »

How to Build a Linux Port Scan Honeypot with iptables and test with nmap

Wednesday, October 8th, 2025

buiild-own-honeypot-with-iptables-and-test-with-nmap-linux-howto

Let’s build a simple, practical Linux port‑scan honeypot that uses iptables to capture/redirect incoming connection attempts and simple listeners that log interaction, and use nmap to test it. I’ll give runnable commands, a small Python honeypot listener, iptables rules (with rate‑limited logging), how to test with nmap, and notes on analysis, hardening, and safety.

Important safety notes (read first)

  • Only deploy this on machines/networks you own or are explicitly authorized to test. Scanning other people’s systems or letting an exposed honeypot be used to attack others is illegal and unethical.
  • Run the honeypot inside an isolated VM or protected network segment (use separate host or VLAN), and don't forward traffic from other networks unless you understand the risks.
  • Keep logs rotated and watch disk usage — honeypots can attract high traffic.

Overview

  1. Prepare an isolated Linux VM.
  2. Add iptables rules to log and optionally redirect connection attempts to local listeners.
  3. Run simple service emulators (Python) to accept connections and log data.
  4. Use nmap to test and validate behavior.
  5. Collect, parse, and analyze logs; optionally integrate with syslog/ELK.

Setup assumptions

  • Ubuntu/Debian or similar Linux.
  • Root (sudo) access.
  • iptables, python3, nmap, and socat/netcat available (I’ll show alternatives).

1) Create a safe environment

  • Use a VM (VirtualBox/QEMU/KVM) or container with no sensitive data.
  • Give it a fixed private IP on an isolated network.
  • Optionally place the VM behind another firewall (so you can control exposure).

2) Simple iptables logging rules (filter table)

We want to log connection attempts but avoid log flooding by using limit. Put these commands in a root shell:

# create a honeypot chain

# iptables -N HONEY

# rate-limited LOG then return so traffic continues to normal behavior

# iptables -A HONEY -m limit –limit 5/min –limit-burst 10 -j LOG \
–log-prefix "HPOT_CONN: " –log-level 4

# record raw packets to kernel log (optional NFLOG/ulogd is better for high volume)

# allow the packet to continue (or drop if you want it to appear closed)

# iptables -A HONEY -j ACCEPT

 

# Apply HONEY chain to incoming TCP attempts to all ports (or a subset)

# iptables -A INPUT -p tcp -j HONEY

Notes:

  • This logs packets hitting INPUT. If your VM is behind NAT or you want to catch forwarded packets, apply to FORWARD too.
  • Using -j LOG writes to kernel log, often /var/log/kern.log or via rsyslog to /var/log/messages.
  • Use NFLOG (-j NFLOG) with ulogd if you want structured logging and higher throughput.

If you prefer to log only SYNs (new connection attempts) to reduce noise:

# iptables -A HONEY -p tcp –syn -m limit –limit 5/min –limit-burst 10 \
-j LOG –log-prefix "HPOT_SYN: " –log-level 4

If you want to redirect certain destination ports into local port listeners (so local fake services can accept connections), use the nat table PREROUTING:

# Example redirect incoming port 80 to local port 8080

# iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-ports 8080

# For ports other than 80/443, add other rules

# iptables -t nat -A PREROUTING -p tcp –dport 22 -j REDIRECT –to-ports 2222

Notes:

  • -t nat -A PREROUTING catches traffic before routing. Use OUTPUT if traffic originates on host itself.
  • REDIRECT only works for local listeners.

3) Simple Python multi‑port honeypot listener

This script will bind multiple ports and log incoming connections and first bytes (banner or payload). Save as simple_honeypot.py:

#!/usr/bin/env python3

# simple_honeypot.py

import socket, threading, logging, time

 

LISTEN_PORTS = [22, 80, 443, 8080, 2222]   # customize

BANNER = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK"

 

logging.basicConfig(

    filename="/var/log/honeypot.log",

    level=logging.INFO,

    format="%(asctime)s %(message)s"

)

 

def handle_client(conn, addr, port):

    try:

        conn.settimeout(5.0)

        data = conn.recv(4096)

        logged = data[:100].decode('utf-8', errors='replace')

        logging.info("CONNECT %s:%s -> port=%d first=%s", addr[0], addr[1], port, logged)

        # Send a small believable banner depending on port

        if port in (80, 8080):

            conn.sendall(BANNER)

        elif port in (22, 2222):

            conn.sendall(b"SSH-2.0-OpenSSH_7.4p1\r\n")

        else:

            conn.sendall(b"220 smtp.example.com ESMTP\r\n")

    except Exception as e:

        logging.info("ERROR %s", e)

    finally:

        try:

            conn.close()

        except:

            pass

 

def start_listener(port):

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

    s.bind(('0.0.0.0', port))

    s.listen(50)

    logging.info("Listening on %d", port)

    while True:

        conn, addr = s.accept()

        t = threading.Thread(target=handle_client, args=(conn, addr, port), daemon=True)

        t.start()

 

if __name__ == "__main__":

    for p in LISTEN_PORTS:

        t = threading.Thread(target=start_listener, args=(p,), daemon=True)

        t.start()

    # keep alive

    while True:

        time.sleep(3600)

Run it as root (or with capability binding) so it can listen on low ports:
 

# python3 simple_honeypot.py


# check logs

# tail -F /var/log/honeypot.log

Alternatives:

  • Use socat to spawn a logger for individual ports.
  • Use cowrie, glastopf, honeyd, sshpot etc. if you want full featured honeypots.

4) Using nmap to test the honeypot

Only scan your honeypot IP. Example commands:

Basic TCP port scan:

# nmap -sS -p- -T4 -oN scan_ports.txt <HONEYPOT_IP>

Service/version detection:

# nmap -sV -sC -p 22,80,443,2222 -oN scan_svcs.txt <HONEYPOT_IP>

Scan while avoiding ping (if your VM blocks ICMP):

# nmap -Pn -sS -p1-2000 <HONEYPOT_IP>

Aggressive scan + scripts (use on your own host only):

# nmap -A -T4 <HONEYPOT_IP>

Watch your honeypot logs while scanning to confirm entries.

5) Log collection & analysis

  • Kernel log: sudo tail -F /var/log/kern.log or sudo journalctl -f
  • Python listener log: /var/log/honeypot.log
  • For structured logging and higher throughput: configure ulogd (NFLOG) or forward logs to syslog/rsyslog and ELK/Graylog.
  • Example simple grep: grep HPOT_CONN /var/log/kern.log | tail -n 200

6) Hardening & operational tips

  • Isolate honeypot inside a VM and snapshot it so you can revert.
  • Use rate limits in iptables to avoid log flooding: -m limit –limit 5/min.
  • Rotate logs: configure logrotate for /var/log/honeypot.log.
  • Do not allow outbound traffic from the honeypot unless needed – attackers may use it to pivot. Use egress firewall rules to restrict outbound connections.
  • Consider running the honeypot under an unprivileged user wherever possible.
  • If expecting a lot of traffic, use NFLOG + ulogd or suricata/zeek for more scalable capture.

7) Optional: Richer visibility with NFLOG / ulogd

If you anticipate higher volume or want structured logs, use:

# example: mark packets from all TCP and send to NFLOG group 1

# iptables -I INPUT -p tcp -m limit –limit 10/min -j NFLOG –nflog-group 1

# run ulogd to write NFLOG to a file or DB (configure /etc/ulogd.conf)

8) Example scenario — bring it all together

  1. Start VM and ensure IP 192.168.56.101.
  2. Add iptables logging and redirect HTTP->8080.
  3. Run simple_honeypot.py with ports [22,80,2222,8080].
  4. From your scanner machine: nmap -sS -sV -p22,80,2222,8080 192.168.56.101
  5. Watch /var/log/honeypot.log and kernel logs for HPOT_* prefixes to see connections and payloads.

Quick reference for commands used:

  • Create honeypot chain and log SYNs:

# iptables -N HONEY

# iptables -A HONEY -p tcp –syn -m limit –limit 5/min –limit-burst 10 \
-j LOG –log-prefix "HPOT_SYN: "

# iptables -A INPUT -p tcp -j HONEY

  • Redirect port 80 -> 8080

# iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-ports 8080

  • Run listener:

# python3 simple_honeypot.py

  • Test with nmap:

# nmap -sS -sV -p22,80,2222,8080 -Pn <IP>

Conclusion

Building a simple Linux port‑scan honeypot with iptables and lightweight listeners gives you practical, immediate visibility into who’s probing your network and how they probe. With a few well‑scoped iptables rules you can capture and rate‑limit connection attempts, redirect selected ports to local emulators, and keep tidy, analysable logs. The small Python listener shown is enough to collect banners and initial payloads; for higher volume or more fidelity you can step up to NFLOG / ulogd, Zeek / Suricata, or production honeypots like Cowrie.

Remember the two rules that keep a honeypot useful and safe: isolate it (VMs, VLANs, strict egress rules) and log thoughtfully (rate limits, rotation, structured formats). That protects your environment and makes the data you collect far more valuable. Over time, turn raw logs into indicators (IP reputations, patterns of ports/probes, common payloads) and feed them into alerts or dashboards to turn passive observation into active defense.

Tags: , , , , , , , , , , ,
Posted in Computer Security, Linux, Security, System Administration, Various | No Comments »

Unlocking the Power of lnav: Logfile Navigator – ncurses text based tool guide to mutiple Logs on multiple servers easy analysis on Linux

Saturday, September 13th, 2025

lnav-syslog-screenshot-linux-virtual-machine

If you've ever found yourself buried under a mountain of log files, tailing multiple outputs, or grepping through endless lines trying to spot an error, it's time to meet your new best friend: lnav, the Logfile Navigator.

Lightweight, terminal-based, and surprisingly powerful, lnav is one of the most underrated tools for developers, sysadmins, and anyone who regularly digs into logs. It turns your chaotic logs into something that’s not only readable—but genuinely useful.

What is lnav and why use it ?

lnav (Logfile Navigator) is a command-line tool for viewing and analyzing log files. It goes beyond tail, less, or grep by:

  • Automatically detecting and merging log formats.
  • Highlighting timestamps, log levels, and errors.
  • Providing SQL-like queries over your logs.
  • Offering interactive navigation with a UI inside the terminal.

And yes, all of that without needing to set up a database or a server.

1. Installing lnav on Linux

Installation is straightforward. On most systems, you can install it via package managers:

On Ubuntu/Debian:

# apt install lnav

On Fedora:

# dnf install lnav

On Arch Linux:

# pacman -S lnav

Or build from source via GitHub if you want the latest version.

2. Use lnav Instead of Tail / Grep why?

Traditional tools are powerful, but they require manual work to chain together functionality. lnav gives you:

  • Automatic multi-log parsing: Drop multiple logs in, and it merges them chronologically.
  • Syntax highlighting: Errors and warnings stand out.
  • SQL querying: Run queries like SELECT * FROM syslog_log WHERE log_level = 'error';
  • Filtering and searching: Use intuitive filters and bookmarks to highlight specific entries.

3. Basic tool Usage is simple

Let’s say you want to inspect a system log:

# lnav /var/log/syslog

You'll immediately get:

  • Color-coded output (timestamps, levels, messages).
  • Scrollable view (arrow keys, PgUp, PgDn).
  • Real-time updates (like tail -f).
  • Search with /, filter with :filter-in, and even SQL queries.

Lets say you need to analyze Apache webserver logs recursively including the logs already rotated and gunzipped with *.gz extension on CentOS / Fedora / RHEL, you can do it with:

# lnav -r /var/log/httpd

You can parse the log file and get additional information about requests as well as you can print overall summary of log file.

Choose the line you want to parse. The selected line is always the one at the top of the window. Then press 'p' and you should see the following result:

https://pc-freak.net/images/lnav-get-extra-information-about-apache-query-with-P-press-key-screenshot-linux

Now, if you want to see a summary view of the logs by date and time, simply press 'i'.

lnav-linux-apache-log-review-summary-of-errors-warnings-normal-screenshot

To quit a screen you have chosen press 'q'.

4. LNAV helpful options and hotkeys

Once you've opened a log file/s for analyze you can use few hotkeys that will allow us to move through the output of lnav and the available views more easily:

e or E to jump to the next / previous error message.
w or W to jump to the next / previous warning message.
b or Backspace to move to the previous page.
Space to move to the next page.
g or G to move to the top / bottom of the current view.

To take a closer look at the way lnav operates, use -d option, the debug information is to be spit inside a .txt file:

# lnav /var/log/httpd -d lnav.txt

In this example, the debug information that is generated when lnav starts will be written to a file named lnav.txt inside the current working directory.

5. Real-World Use Cases

a. Troubleshooting application or system process Crashes

Open all relevant logs in one go:

# lnav /var/log/*.log

Errors are highlighted, and you can jump between them with n / N kbd keys.

b. Combining Multiple Logs

Working with an app that logs to different files and you need to combine:

# lnav /var/log/nginx/access.log /var/log/nginx/error.log


Or lets say you want to combine Apache Webserver with Haproxy log and get log summaries or filter out stuff:

lnav /var/log/apache2/access.log /var/log/haproxy.log


Now you will get a single, chronological timeline of events.

 

If you want to Search for a concrete occurance of Error / Warning or IP address inside a bunch of loaded combined logs you can do it with the same command like in simple vim by pressing / (slash) from kbd and type out what you want to filter out to get shown.

c. Analyze SQL Queries Logs

Yes, you can actually do this by passing it query in its command prompt :

:.schema
:SELECT log_time, log_level, log_message FROM syslog_log WHERE log_level = 'error';

You get a table of filtered logs, sortable by columns.
 

6. lnav more usage command tips

  • :help — Opens the help menu.
  • :filter-in <string> — Show only lines matching <string>.
  • :filter-out <string> — Hide lines matching <string>.
  • :export-to <filename> — Export current view to a file.
  • :tag <tagname> — Tag lines for later reference.
  • q — Quit (but why would you want to?).

 

7. Using lnav as a pager for systemd-journald

journalctl | lnav
# journalctl -f | lnav
# journalctl -u ssh.service | lnav

https://pc-freak.net/images/lnav_sshservice-log-view-screenshot-linux
 

8. Use lnav to review remote ssh logs

Newer versions after 0.10 supports ssh protocol as well and theoretically should work:

# lnav user@server-name-here:/var/log/file.log


To read all logs inside /var/log

# lnav root@server-name-here:/var/log/
# lnav root@server-name-here:/var/log/*.err

9. Using lnav to view docker container logs

# docker logs 811ab84aa95l | lnav
# docker logs -f application | lnav

The latest version of lnav supports even the following  simplified docker:// URL syntax:

# lnav docker://{container_id_or_name}/dir_path/to/log/file
# lnav docker://{container_id_or_name}/var/dir_path/log
# lnav docker://application/var/log/
# lnav docker://applcation/var/log/nginx/nginx.app.log

10. Monitoring compilation and command output useful for developers
 

Compilation from archived tar balls with ./configure && make etc. generate lot of outputs and logs while working. 
Here is where the tool can come handy. 
For example, here is how to watch the output of make command when compiling something:

# lnav -e './configure && make'

 11. Learning lnav tool through online ssh service availability via lnav.org

f you're lazy to install it and want to test it anyways:
 

# Start The Basic Tutorial:
ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password tutorial1@demo.lnav.org


# Playground:
ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password playground@demo.lnav.org


Closure

While tools like Kibana, Grafana, and ELK stacks are powerful, they can be overkill for many use cases—especially when you're SSHed into a box and just need to get answers fast. That’s where lnav shines as it is fast, lightweight, visual and can be used offline.

If you’re a developer, sysadmin, SRE (Site Reliability Engineer), or just someone who cares about logs, give lnav a spin. It might just become among your favorite sysadm tools on Linux and safe you pretty much of time if you have to do log reading and analyzing on daily basis (for example if you're admining 20+ or more Linux servers.

 

Tags: , , , , , , , , , , , , , , , , , , ,
Posted in Linux, Monitoring, System Administration, Various | No Comments »

How to install BASH and use shell scripting on Windows ?

Thursday, June 26th, 2025

install-bash-on-windows-run-and-use-shellscripting-on-windows-howto

Bash (Bourne Again SHell) is definitely a technology that will stay for years to come its simplicity and multi-platoformness is a factor that will definitely continue for many years thus even though it is mostly used on Linux / BSD / Unix, its application on Windows OS-es nowadays is perhaps increasing. Hence since so many people use Winodws nowdays (for work) it is really useful to have Bash set-up on Windows host machine.
In this article, I'll shortly explain how this is done, the article will not have anything too much interesting for the advanced admin or dev ops guy, but I hope people who are entering the business of system administration and high level computing and still orienting might benefit from it.

To install and use Bash shell terminal in Windows there are at least 3 ways:

  • Use Git Bash (Download and install it directly precompiled on WIndows)
  • Use Windows WSL emulation (install some Linux distro)
  • Use Virtualbox / Vagrant / VMware / Hyper-V emulation and install VM from public ISO image.

As a Free Software Lover, I would recommend and  always prefer to use the Free Software alternative if that is possible and thanksfully usually I use and install Git Bash or completely install Cygwin (Full set of Linux tools to run like native on Windows together with  Mobaxterm) together.

 

1. Installing Git Bash on Windows (uses MinGW Minimalist GNU for Windows)

Some might prefer to not use Microsoft for managing their bash especially the more freedom in mind people who like GNU and Free software and people.

MinGW is well known among free and open source enthusiasts.
It includes a port of the GNU Compiler Collection (GCC), GNU Binutils for Windows (assembler, linker, archive manager), a set of freely distributable Windows specific header files and static import libraries which enable the use of the Windows API, a Windows native build of the GNU Project's GNU Debugger, and miscellaneous utilities.

MinGW does not rely on third-party C runtime dynamic-link library (DLL) files, and because the runtime libraries are not distributed using the GNU General Public License (GPL), it is not necessary to distribute the source code with the programs produced, unless a GPL library is used elsewhere in the program.

 

MinGW can be run either on the native Microsoft Windows platform, cross-hosted on Linux (or other Unix), or "cross-native" on Cygwin.


To install Bash via Git, you can use Git for Windows, which includes Git Bash — a lightweight Bash emulator.


Steps to Install Git Bash on Windows
 

a. Download Git for Windows

Go to the official Git website:

https://git-scm.com/download/win

The download should start automatically.

b. Run the Installer

  • Open the downloaded .exe file
  • Follow the installation prompts

Recommended Settings:

  • Select components: Keep default
  • Editor: Choose your preferred text editor (e.g., Notepad++ or Vim)
  • Adjust PATH environment: Choose “Git from the command line and also from 3rd-party software”
  • Choose SSH executable: Use Built-in OpenSSH
  • Choose HTTPS transport backend: Use the default (OpenSSL)
  • Configure line endings: Select “Checkout Windows-style, commit Unix-style line endings”
  • Terminal emulator: Choose “Use MinTTY (the default terminal)”

Click Next through the remaining steps and then Install.

c. Launch Git Bash

After installation:

  • Press Windows key, type "Git Bash"
  • Click to launch the terminal

Now you're using a Bash shell on Windows.

Perhaps most common way is to use Windows Subsystem for Linux (WSL), people follow. WSL is a technology which is native Windows but gives MS Windows the opportunity to act in a way similar to docker containers. WSL lets you run a full Linux environment (including Bash) directly on Windows without using a virtual machine and is really fast and easy on Machine system resources. 


 2. Installing WSL bash easy from Windows 10 / 11 using  Win GUI menus


Steps to install WSL on Windows 10 / 11

Microsoft has since only continued to improve its Windows Subsystem for Linux, and an update in a Windows 10 preview build back in mid-2020 made it easier to install Bash.

That method also works the same as on Win 10 as well as on Win 11.
To install Bash shell emulation, hence open Windows Terminal as an admin user. You can do this by right-clicking the Windows icon and selecting “Windows Terminal (Admin)” from the power user menu.

(If you’re on Windows 10, you should see it listed as “Windows Powershell (Admin)” in the menu.)

 

windows-run-powershell-from-start-menu-screenshot

 


To complete WSL install with Virtualized Ubuntu OS

In Windows Terminal, run this command:

PS C:\Users\MyUser> wsl –install

Once everything is downloaded needed to run WSL emulation and Ubuntu Linux distribution,  Restart the PC.

Once your PC rebooted, installation will continue automatically.

After Ubuntu installed successfully, you’ll next be prompted to create a username and password and Ubuntu will fire up, and you will have your bash in Windows

 

Install-WSL-linux-subsystem-for-windows-from-powershell-prompt-screenshot


a. Enabling and Intalling BASH via command line (if WSL Linux subsystem for Windows is not enabled on Windows


It might be your Windows has no configured Windows Subsystem for Linux, hence if that is the case you will need to enable it following below few steps.

b. Enable WSL via dism.exe cmd

Open PowerShell as Administrator and run:

Powershell

PS C:\Users\MyUser> wsl –install

This installs WSL 2 and a default Linux distribution (like Ubuntu).

If you're on Windows 10 or on a PC where whoever installed the OS has not installed the Win Subsystem for Linux, you may need to manually enable WSL:

Launch Powershell

PS C:\Users\MyUser> dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

PS C:\Users\MyUser> dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Then restart your computer and run:

from the Windows Magnifier run Powershell and type in PS1 prompt:

PS C:\Users\MyUser> wsl –set-default-version 2

c. Installing other Linux Distribution (different from Ubuntu)

If not already installed during wsl –install, open the Microsoft Store and search for:

  • Ubuntu
  • Debian
  • Kali Linux
  • etc.

Click Install on the one you want.

d. Launching WSL / Bash terminal

Once installed:

  • Open Start Menu
  • Search for your Linux distro you just installed (e.g., “Ubuntu”)
  • Launch it

This opens a Bash shell where you can run Linux commands, like in regular Linux but on your Microsoft Windows OS.
 

Sum it up

What we learned is how to install bash via Bash Git and start using it to have more hybrid environment Windows / Linux. The article explained the two main methods using GIt Bash and using embedded Windows emulator WSL with an emulated Linux distro.

Enjoy ! 🙂

 

 


 

Tags: , , , , , , , , , , , , , , , , , , , ,
Posted in Curious Facts, Everyday Life, System Administration, Windows | No Comments »

How to Рecover deleted files in windows with Free ( unpaid ) software

Thursday, June 5th, 2025

How to Restore Deleted Files on Windows 10/11 - TinyFrom

It happens sometimes on Windows that accidently you deleted some files or directory with pressing Shift + DELETE key (not sending it to Trashbin) or by deleting fies / dirs by sending them in Trashbin but you decided you want them back once you have cleared up the Trashbin.
If this is the case it is pretty easy  to recover deleted files in Windows using free (freeware) unpaid soft and tools, to do so chooose on of the many options described and follow the some of below methods by the well known and  reputable tools pointed next.

1. Use Recuva (Free Version)

Recuva is one of the most popular free file recovery tools from the makers of CCleaner.

Steps:

  1. Download from the official site: https://www.ccleaner.com/recuva

  2. Install and open Recuva.

  3. Select the type of files you want to recover (e.g., pictures, documents).

  4. Choose the drive where the file was deleted.

  5. Use the Deep Scan option if the regular scan fails.

  6. Select files to recover and save them to a different drive to avoid overwriting.

2. Use PhotoRec (Part of TestDisk)

Despite the name, PhotoRec can recover many types of files, not just photos.

Steps:

  1. Download TestDisk & PhotoRec: https://www.cgsecurity.org/

  2. Extract the archive and run photorec_win.exe.

  3. Select the drive, then the partition.

  4. Choose the file system type (typically "Other").

  5. Select a destination for recovered files on another drive.

  6. Let it scan and recover files.

  7.  

⚠️ PhotoRec runs in a command-line interface but is powerful and completely free.

 

Note that Photorec is also available and can be used on Linux to recover files and if you're used to do things from command line I strongly recommend to give it a try on Windows as well.

3. Windows File History / Previous Versions (If Enabled)

If File History or System Protection was enabled:

Steps:

  1. Right-click the folder where the file was.

  2. Choose Restore previous versions.

  3. Browse previous versions and restore as needed.


4. Windows File Recovery (Microsoft's Free CLI Tool)

A command-line tool from Microsoft for advanced users is avalable it is called winfr

Steps:

  1. Download from Microsoft Store: Windows File Recovery

  2. Open Command Prompt as Administrator.

  3. To recover just a single file use the command:

    C:\>

    winfr C: D: /regular /n \Users\YourName\Documents\file.txt

     

    Replace paths as needed.

  4. To recover a directory it is pretty much the same except you have to include the directory instead of file

C:\> 

winfr C: D: /regular /n \Users\YourName\Documents\YourDeletedFolder\

 

Replace

C:

and

D:

with the appropriate source and destination drives.

 

 

  • C:

    = source drive (where the folder was deleted)

  • D:

    = destination drive (where recovered files will be saved)

  • /n

    = path filter (target folder)

  • /regular

    = mode suitable for NTFS drives


Important Tips:

 

  • Stop using the drive where the file was deleted to avoid overwriting it.
  • Always recover to a different drive.
  • The sooner you act, the higher the recovery success rate.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Backups, Curious Facts, Windows | No Comments »

Deploying a Server and Managing a 10-Node Linux Infrastructure with Ansible

Friday, May 30th, 2025

File:Ansible Logo.png - Wikimedia Commons

As organizations grow, manually configuring and maintaining servers quickly becomes inefficient, error-prone, and unscalable. Ansible, a powerful open-source automation tool, allows sysadmins and DevOps engineers to automate server provisioning, configuration management, and application deployment across multiple nodes—making it ideal for managing a fleet of Linux servers.

In this article, you’ll learn how to deploy a server using Ansible and manage an infrastructure of 10 Linux servers with ease.


What Is Ansible?

Ansible is a suite of software tools that enables infrastructure as code. It is open-source and the suite includes software provisioning, configuration management, and application deployment functionality.Ansible is an agentless IT automation tool. It uses SSH to connect to remote machines and YAML-based playbooks to define automation tasks. With Ansible, you can:

  • Install and configure software packages
  • Enforce configuration consistency
  • Perform updates across nodes
  • Deploy applications
  • Orchestrate complex workflows
     

Pre-requisites

To follow this guide, you need:

  • A control node (the machine from which you run Ansible)
  • 10 Linux servers (can be VMs or physical machines)
  • SSH access from the control node to all servers
  • Python installed on the target machines (most Linux distros have this by default)
     

1. Install Ansible on the Control Node 

On Ubuntu / Debian Linux

# apt update sudo apt install ansible -y

Or for CentOS/RHEL

# yum install epel-release -y
# yum install ansible -y

Verify installation:

# ansible –version

2. Configure Your Inventory File

Ansible uses an inventory file to define which servers to manage. By default, this is located at /etc/ansible/hosts, but you can also create a custom one.

Create an inventory file hosts.ini 

[webservers]
server1 ansible_host=192.168.1.101
server2 ansible_host=192.168.1.102
server3 ansible_host=192.168.1.103

[dbservers]
server4 ansible_host=192.168.1.104

[all:vars]
ansible_user=ansible_user
ansible_ssh_private_key_file=~/.ssh/id_rsa

You can also use hostnames if DNS is configured.

3. Test Connectivity

# ansible -i hosts.ini all -m ping

If everything is set up correctly, you should see pong responses from all servers.

4. Write Your First Playbook (Provisioning Example)

Create a file called server_setup.yml:


– name: Provision and configure Linux servers
  hosts: all
  become: yes
  tasks:

    – name: Update apt cache (Debian/Ubuntu)
      apt:
        update_cache: yes
      when: ansible_os_family == "Debian"

    – name: Install common packages
      package:
        name:
          – curl
          – git
          – htop
        state: present

    – name: Ensure Nginx is installed on webservers
      apt:
        name: nginx
        state: present
      when: "'webservers' in group_names"

    – name: Start and enable Nginx
      service:
        name: nginx
        state: started
        enabled: yes
      when: "'webservers' in group_names"
 

5. Run the Playbook

ansible-playbook -i hosts.ini server_setup.yml

Ansible will SSH into each server, execute the tasks, and return status messages.

6. Scaling to 10+ Servers

Managing a growing infrastructure is simple with Ansible:

  • Add new servers to hosts.ini
  • Reuse existing playbooks for setup
  • Use roles to modularize configuration (e.g., webserver, database, monitoring)
  • Schedule playbooks using cron or CI/CD pipelines (e.g., GitHub Actions, Jenkins)

7. Sample Ansible Project Structure

Organizing your Ansible project effectively is crucial for scalability and maintainability. Here's a sample recommended directory layout:

ansible-infra/
├── hosts.ini
├── server_setup.yml
├── roles/
│   ├── common/
│   │   ├── tasks/
│   │   │   └── main.yml
│   │   └── files/
│   └── webserver/
│       ├── tasks/
│       │   └── main.yml
│       └── templates/
└── group_vars/
    └── all.yml
 

Key Components:
 

  • ansible.cfg: Configuration file defining paths and settings.
  • inventories/: Directory containing environment-specific inventory files.
  • playbooks/: Directory for playbooks that define automation tasks.
  • roles/: Directory for reusable roles, each with its own tasks and variables.
  • requirements.yml: File listing external roles or collections.
     

For a detailed explanation of this structure, refer to the Ansible Documentation.

Visual Workflow (text) Diagram

To illustrate the workflow, here's a diagram depicting how Ansible interacts with your infrastructure:

+——————+        +——————+        +——————+
|   Control Node   |        |    Ansible      |        |   Managed Nodes  |
|  (Your Machine)  |        |  (Ansible Core) |        |  (10 Linux Servers)|
+——————+        +——————+        +——————+
        |                               |                                 |
        | SSH                      | Execute Playbooks  | Apply Configurations
        |                               |                                 |
        +————————->+————————->+

Workflow Steps:

  1. Control Node: You initiate commands from your local machine.

  2. Ansible Core: Ansible connects via SSH to each managed node.

  3. Managed Nodes: Ansible applies configurations as defined in your playbooks and roles.

This workflow ensures consistent and automated management of your infrastructure.

Best Practices

  • Use roles: Organize playbooks into reusable roles
     (ansible-galaxy init myrole)
  • Maintain version control: Keep playbooks and inventory in Git
  • Encrypt secrets: Use ansible-vault for secure credentials
  • Test in staging: Always validate changes before pushing to production

Conclusion

Ansible is a game-changer for managing Linux infrastructure. With a few simple playbooks, you can provision, configure, and maintain your servers consistently and securely.
For a 10-node infrastructure, it offers the perfect balance of simplicity and power—letting you scale efficiently without the overhead of agent-based solutions.

Tags: , , , , , , , , , , , , , , , , , , , , , ,
Posted in Debian, Everyday Life, Linux, Linux Package Management, Various | No Comments »

Howto Verify an SSL certificate and it private key do match

Monday, March 17th, 2025

Howto Verify an SSL certificate and it's private key do match ?

ssl-verify-pem-and-key-certificate-howto

 

In this article I'll show you how can you verify SSL generated certificate match with its private key. This is mostly useful as sometimes installing signed SSL certfificates might mismatch the key and the result is an SSL mismatch that prevents the supposed encryption of the service from end user to the service to work as expected.
 
I assume you already have properly issued and signed SSL certificate and the private key you used to issue the certificate as well as the entire certificate chain CA and root CA, as well as the certificate.

Requirements

You must have the following item :

  • the signed SSL certificate
  • the certificate's private key
  • the entire certification chain (intermediate CA and root CA)

1. Procedure to verify certificate .crt and .key file match

The following procedures can be used to ensure the given certificate/private key are valid.

Private key verification

  • compute the private key modulus

 

$ openssl rsa -in certificate.key -modulus -noout | openssl md5

(stdin)= e5220727Acc5396139823018773d55db

 

  • compute the certificate modulus

 

$ openssl x509 –in certificate.crt -modulus -noout | openssl md5(stdin)= e5220727Acc5396139823018773d55db

 

  • the private key and certificate modulus md5 must match


How to verify Private key verification (one liner command)

The following command should return 'OK'

 

$ [[ "$(openssl rsa -in your_company_private_key.key -modulus -noout | openssl md5)" == "$(openssl x509 -in and_your_company_private_key.crt -modulus -noout | openssl md5)" ]] && echo OK || echo NOK

 

2. CA (Certificate Authority)  chain verification

Execute the following command, The certificate.ca should contains the entire CA chain (intermediate CA + root CA)

 

$ openssl verify -CAfile certificate_file.ca certificate.crt: OK

 

3. Expiry date verification of SSL certificate

 

$ openssl x509 –in certificate_file.crt -noout -startdate -enddate

 

4. Verify the expiry date of a running web service online or in private net

 

$ openssl s_client -connect your-remote-service.com:443 2> /dev/null | openssl x509 -noout -startdate -enddate

notBefore=Oct 5 00:15:00 2024 GMT
notAfter=Oct 18 23:59:59 2026 GMT

 

If the service provide several certificate with SNI you should use this command to get back the good certificate. You have to set the subject certificate you want to get back

 

$ openssl s_client -connect www.your-remote-service.com:443 -servername srv.your-remote-service.com 2> /dev/null

| openssl x509 -noout -startdate -enddate

notBefore=Oct 5 00:15:00 2024 GMT
notAfter=Oct 18 23:59:59 2026 GMT

 

Sum up what learned ?

In this short article we learned how to verify .crt and and .key file does match, how to do a chain verification of SSL cert, how to check the expire date of a certificate, as well as how to use the openssl command to verify whether installed certificate on a web service is set and working.

Tags: , , , , , , , , , , ,
Posted in Linux, Web and CMS | No Comments »

« Older Entries